Exploit Prevention Labs LinkScanner Takes Aim at McAfee SiteAdvisor

Malicious Web sites are a standard method for infiltrating computers, and solutions designed to protect against such sites are growing in popularity. One company, SiteAdvisor, helped pioneer protection against malicious Web sites beginning in 2005. The SiteAdvisor service ranks Web sites to help users become aware of sites that might contain adware, malware, and various online scams.

In April, McAfee bought SiteAdvisor and began offering the service free to the public. Earlier this month, McAfee launched a paid service, SiteAdvisor Plus, that adds the ability to rank links in email messages and IMs to the standard features of ranking links in Web browsers, including those links returned by various search engines. Although the original SiteAdvisor is integrated into McAfee's security solutions at no added cost to consumers, the company said that it thinks SiteAdvisor Plus adds enough benefits that consumers will pay for the service.

Currently SiteAdvisor Plus works with the Microsoft Internet Explorer (IE) and Mozilla Firefox browsers; the Yahoo! Messenger, Windows Live Messenger, and Google Talk IM software; and the Microsoft Outlook, Outlook Express, Gmail, Yahoo! Mail, and Microsoft Live Mail (formerly Hotmail) software. McAfee said that support for AOL Instant Messenger (AIM) and AOL Mail is under development. SiteAdvisor Plus pricing starts at $24.99 for a single computer and $49.99 for three computers.

Not to be outdone, this week Exploit Prevention Labs launched a competing product, LinkScanner Pro, to complement the company's free LinkScanner Lite product. An offshoot of the company's original SocketShield product, LinkScanner Pro helps protect against links to malicious content in Web browsers and search results.

Like SiteAdvisor Plus, LinkScanner Pro helps people determine whether a link might lead to a malicious Web site before the person decides to click the link. Exploit Prevention Labs said one major difference of its solution is that it uses a realtime approach to link scanning.

"\[LinkScanner Pro has\] a driver that scans the TCP stream as it comes in looking for attempts to reach to known bad \[IP addresses\] and for exploits coming in on the stream. Scanning for bad IPs is very fast, but because bad sites are so transient, it's only useful for static exploit hubs," said Roger Thompson, CTO of Exploit Prevention Labs. Thompson added that the tool also uses a static database, like McAfee's SiteAdvisor.

Since LinkScanner scans TCP traffic in real time, it could also protect IM clients. However, Thompson said that currently there are no exploits against IM clients. Thompson also said that LinkScanner won't directly support email clients unless the threat landscape changes. Email clients typically open a browser when a link in an email message is clicked and in those instances, LinkScanner would protect the system against exploits.

LinkScanner currently works with IE, and support for Firefox is expected to become available in January. Support for other browsers is also under development, however no details are available to the public at this time. LinkScanner Pro pricing starts at $19.95 for a single computer.